CORBA 2.6.1 Administration Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

PATHMON process name and server class name in the program profile. The following table shows the keys and values that are associated with

the Pathsend protocol (

tsmp_server):

Pathsend Protocol Keys and Values

Key Possible Values Default Value

pathmon

Valid process name None

server_class

Valid server class name None

File-System Protocol

Enable the file-system protocol when you want the NonStop Kernel file system to be used as the transport mechanism for requests and

responses. The file-system protocol is appropriate when:

The client and server reside in the same Expand network.

The server is running as a stand-alone OSS process (that is, not as part of a TS/MP server pool).

The server is running in a TS/MP server pool and your object is associated with a POA that has a stateful policy.

When your server produces object references that specify the file-system protocol, the process name is included as part of the object

references. Later, clients using the object reference make requests and those requests are directed to the identically named process. For this

reason, the server process must run as a named process.

The POA lifespan policy also affects file-system object references:

Lifespan

Policy

Effect

Transient Only the process instance that produced the object reference can subsequently service it. Thus if your server restarts,

the transient object reference is no longer valid even though the restarted process has the same name as the original

process.

Persistent A restarted process that has the same name as the original process can service the request.

IIOP/SSL Protocol

Enable the IIOP/SSL protocol when you want to secure communications between clients and servers. This protocol is appropriate whenever you

want to assure confidentiality, authenticate clients, and assure message integrity.

The following table shows the keys and values that are associated with the IIOP/SSL protocol:

Key Possible

Values

Default Value Operational Characteristics

ssl_client

true or false

false

IIOP/SSL protocol, client side.

ssl_only

true or false

false

A value of true will force tcp_client to be false.

ssl_port

Integer None Identifies the server's listening port and enables the

IIOP/SSL protocol for the server side.

ssl_verify_peer

true or false

false

Requests and authenticates the client's certificate.

ssl_version

TLSv1 or

SSLv3 or

SSLv2 or

SSLv23

SSLv3

The specific SSL protocol version to use. TLSv1 or SSLv3 is

recommended.

SSLv2 and SSLv23 are not recommended, but

are provided for completeness.

ssl_ciphers

See

OpenSSL

Cipher List

for Use with

ssl_ciphers

DEFAULT

ALL:!ADH:RC4+RSA:+SSLv2@STRENGTH

ssl_cert_dir

OSS path

$nsd_root/ssliop/cacerts

The names of the directory that contain all the trusted self-

signed CA certificates. It is important that the

ssl_cert_dir

is given the proper write permissions to protect against

unauthorized CA certificates.

ssl_cert_file

OSS

path/filename

$nsd_root/ssliop/default/cert.pem

Certificate file.

ssl_pkey_file

OSS

path/filename

$nsd_root/ssliop/default/cert.pem

Private key file.